1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.servlet.taglib.security;
24  
25  import com.liferay.portal.kernel.log.Log;
26  import com.liferay.portal.kernel.log.LogFactoryUtil;
27  import com.liferay.portal.kernel.util.HttpUtil;
28  import com.liferay.portal.kernel.util.Validator;
29  import com.liferay.portal.model.Company;
30  import com.liferay.portal.util.PortalUtil;
31  import com.liferay.util.Encryptor;
32  import com.liferay.util.EncryptorException;
33  
34  import java.security.Key;
35  
36  import java.util.Set;
37  import java.util.StringTokenizer;
38  
39  import javax.servlet.http.HttpServletRequest;
40  import javax.servlet.jsp.JspException;
41  import javax.servlet.jsp.PageContext;
42  
43  /**
44   * <a href="EncryptTagUtil.java.html"><b><i>View Source</i></b></a>
45   *
46   * @author Brian Wing Shun Chan
47   */
48  public class EncryptTagUtil {
49  
50      public static void doStartTag(
51              String className, String style, String protocol,
52              Set<String> unencryptedParamsSet, String url, String target,
53              PageContext pageContext)
54          throws JspException {
55  
56          try {
57              StringBuilder sb = new StringBuilder();
58  
59              // Open anchor
60  
61              sb.append("<a ");
62  
63              // Class
64  
65              if (Validator.isNotNull(className)) {
66                  sb.append("class=\"");
67                  sb.append(className);
68                  sb.append("\" ");
69              }
70  
71              // HREF
72  
73              sb.append("href=\"").append(protocol).append("://");
74  
75              int pos = url.indexOf("?");
76  
77              if (pos == -1) {
78                  sb.append(url);
79              }
80              else {
81                  sb.append(url.substring(0, pos)).append("?");
82  
83                  Company company = PortalUtil.getCompany(
84                      (HttpServletRequest)pageContext.getRequest());
85  
86                  Key key = company.getKeyObj();
87  
88                  StringTokenizer st = new StringTokenizer(
89                      url.substring(pos + 1, url.length()), "&");
90  
91                  while (st.hasMoreTokens()) {
92                      String paramAndValue = st.nextToken();
93  
94                      int x = paramAndValue.indexOf("=");
95  
96                      String param = paramAndValue.substring(0, x);
97                      String value = paramAndValue.substring(
98                          x + 1, paramAndValue.length());
99  
100                     sb.append(param).append("=");
101 
102                     if (unencryptedParamsSet.contains(param)) {
103                         sb.append(HttpUtil.encodeURL(value));
104                     }
105                     else {
106                         try {
107                             sb.append(HttpUtil.encodeURL(
108                                 Encryptor.encrypt(key, value)));
109                         }
110                         catch (EncryptorException ee) {
111                             _log.error(ee.getMessage());
112                         }
113 
114                         if (st.hasMoreTokens()) {
115                             sb.append("&");
116                         }
117                     }
118                 }
119 
120                 sb.append("&shuo=1");
121             }
122 
123             sb.append("\" ");
124 
125             // Style
126 
127             if (Validator.isNotNull(style)) {
128                 sb.append("style=\"");
129                 sb.append(style);
130                 sb.append("\" ");
131             }
132 
133             // Target
134 
135             if (Validator.isNotNull(target)) {
136                 sb.append("target=\"" + target + "\"");
137             }
138 
139             // Close anchor
140 
141             sb.append(">");
142 
143             pageContext.getOut().print(sb.toString());
144         }
145         catch (Exception e) {
146             throw new JspException(e);
147         }
148     }
149 
150     public static void doEndTag(PageContext pageContext) throws JspException {
151         try {
152             pageContext.getOut().print("</a>");
153         }
154         catch (Exception e) {
155             throw new JspException(e);
156         }
157     }
158 
159     private static Log _log = LogFactoryUtil.getLog(EncryptTagUtil.class);
160 
161 }